Guardian denies responsibility for unredacted cables

The Guardian released a statement today assailing Wikileaks' accusation that one of its reporters published the password to an unredacted set of leaked U.S. diplomatic cables. The newspaper admits publishing the password, but says it was assured that the files encrypted with it were temporary and would not become public.

The tl;dr? It looks like Wikileaks screwed up somehow by letting the unredacted cables get into the wild, and that The Guardian screwed up by publishing the password to it. Apportion blame according to preference.

The full text of the statement follows after the jump.

Guardian statement in response to WikiLeaks

The Guardian calls on WikiLeaks not to carry through its plan to release the unredacted state department cables. We believe this would be grossly irresponsible.

The paper utterly rejects any suggestion that it is responsible for the release of the unedited cables.

It has been our consistent position that the material should not be released in unredacted form. It was out of concern over security that we ended our partnership with WikiLeaks on December 23 2010.
The Guardian was told that the file to which it was given access in July 2010 would only be on a secure server for a few hours and then taken off.

It appears that two versions of this file were subsequently posted to a peer-to-peer file sharing network using the same password.
One version was posted on December 7 2010 – a few hours before Julian Assange was arrested following an extradition request.

The unencrypted version of the cables published on the web last night (WEDS) was not the one accessed by the Guardian last year.
The Guardian’s book about WikiLeaks was published last February. No concerns about security were expressed when the book was published or at any stage during the past seven months.

A WikiLeaks “editorial” says “knowledge of the Guardian disclosure has spread privately over several months… for the past month WikiLeaks has been in the unenviable position of not being able to comment on what has happened.”

But on 4 August 2011 – at Julian Assange’s request – the Guardian’s editor, Alan Rusbridger, met Assange. The two hour meeting, which was filmed by Assange’s colleague, was cordial. Not only did Assange never mention the supposed security leak, he proposed working with the Guardian again on specific future projects. Since that date WikiLeaks has been in contact with the Guardian’s deputy editor, Ian Katz, to discuss collaboration. There were two further contacts during the week of August 8.

It should be noted that this is the third time that Assange has claimed he is suing the Guardian or its journalists. The first claim was made on November 1 2010 – and was for supposed loss of earnings. Secondly, he claimed he was suing the Guardian for libel in February 2011 over the Guardian’s book. Separately, he threatened to sue the author and Freedom of Information campaigner, Heather Brooke, for “criminal deception.” None of these actions ever materialised.

The Guardian and its partners went to great lengths to protect potentially vulnerable sources identified in the WikiLeaks documents throughout their collaboration with the organisation.

Initially, as has been widely reported, Assange was unwilling to remove material to protect informants but the Guardian and its media partners persuaded him that the diplomatic cables should be carefully redacted before release, and this editing process was carried out by the newspapers. We are deeply concerned that the release of the unredacted files could put at risk sources we and our partner newspapers worked very hard to protect.

WikiLeaks published 130,000 apparently unredacted cables last week. Until Wednesday of this week very few people had the required information to access the full cables, but over the last few days

WikiLeaks has published more and more hints about how they could be accessed and are now carrying out their own “online poll” about whether they should publish all the cables.

WikiLeaks should take responsibility for its own pattern of actions and not seek to deflect it elsewhere.

Let’s not forget that originally these documents were obtained from supposedly ‘secure’ government databases. What was the purpose behind telling a reporter the password? I thought only selective parts were doled out to the media. Dumb move.

I’m torn. On the one hand, Wikileaks’ moral failings are pretty stark (and made much harder to swallow by their unspeakably holier-than-thou approach). I mean, here we have this band of 800-some-odd (we think) completely anonymous volunteer regents of unknown qualifications and ideologies, deciding that they alone in the whole world are morally and intellectually qualified to decide what governments should and shouldn’t be allowed to keep private. Not their former media partners, not elected governments (‘cos they’re all corrupt, you know), not other NGOs. Just them.

I figured, well, I’d be on pretty solid ground pointing out the inherent moral dangers here, especially when they’re sort of led by a figure who compares himself explicitly to Martin Luther King, Jr., yet has pointedly said he has no compunctions about releasing the names of “collaborators” in war zones, whomever he may deem them to be.

And it never really influenced me that people were saying, “Oh, well, they’re being so careful in redacting these documents. They’re so smart and so good, these Wikileaks people.” How would they know? Except for Assange and a few others, we have no idea who they are. But now I feel like a chump for not having predicted that pretty much exactly this would happen. It’s not like attention to detail has been their strong suit up to this point.

Ironically, this unbelievable level of crypto-incompetence even tarnishes the one positive side effect of the whole mess, which was shining a light on the equally incredible crypto-incompetence that let Manning walk off with the information in the first place. So it goes.

The crypto-incompetence is the Guardian’s. They were given a password to decrypt the file of cables so they could view and use them. There was no need to publish the actual password in a book. They could have made one up. There is every reason to suspect the file might still be around. “What goes on the net stays one the net” etc.

Perhaps before providing access, WikiLeaks should require an understanding of the principles of cryptography.

Even so, once the resource gets out into the wild, the key is the only safeguard. It’s never enough just to know that a lock exists and that you know where it is, just as knowing what the file is named does not give you access. The world is full of deadbolt locks to houses that don’t get broken into, after all.

The Guardian provided the entry tool of their own volition. It may have been due to ignorance, but let’s call a spade a spade. The file would have been useless to anybody but brute-forcers without their involvement.

I’m puzzled by your reasoning because it appears to boil down to “The Guardian was at fault for crediting Wikileaks with any security competence at all”.

Bear in mind that the understanding was that the encrypted file would be deleted by Wikileaks once the transfer was completed, which, as long as The Guardian did the same with their copy, would make the password completely innocuous. Should The Guardian perhaps have considered the possibility that Assange wouldn’t know how to delete a file from his server, or that he didn’t know how to encrypt the archive with a new key for the next recipient?

The Guardian had no reason to believe that the password was any longer of importance, just as I have no reason to believe that that the PIN for the bank card associated with an account I closed last year (33707, incidentally) could be of any use to anyone unless I posit a monumental level of incompetence on the part of my old bank.

This is exactly correct. The Guardian’s only mistake was assuming Wikileaks would do as they promised and follow sound cryptographic protocol.

Not only did Wikileaks fail to shred the encrypted file on schedule, they then made that very file public when Assange was arrested, presumably by way of “insurance”.

Remember that Assange was always in favour of naming names- EVERYBODY’s names, good guys and bad guys. It was the newspapers who said this was madness, who did the work to stop it happening, and who maintained cryptographic hygiene.

Blame apportionment: Wikileaks: 90%, for incompetence; Guardian 10%, for meta-incompetence (i.e., for not assuming incompetence on the part of all other parties).

The Guardian’s only mistake was assuming Wikileaks would do as they promised and follow sound cryptographic protocol.

The Guardian’s mistake was in publishing a known-good password. If they hadn’t done that, it wouldn’t have mattered what WL did with the file. WL may have mistakenly leaked the file, but the actual, real, problem comes from the Guardian’s actions.

Calling it a “known-good password” is disingenuous: it sweeps all the important facts under the rug.

The password was supposed to be useless by the time the Guardian published it. Wikileaks asserted as much when they gave the password to the Guardian. Time-limited passwords are a rudimentary aspect of competent security practices. On top of that, serious journalists do not alter or suppress the facts of a story unless there is a damn good reason. So the Guardian printed the password because it was factual background to the story, and because they had every reason to believe it was now useless. As Stooge said, is it really the Guardian’s job to assume Wikileaks is grossly incompetent? Must the Guardian predicate all its actions on the assumption that Assange would fail to wipe the file from his server, and fail to re-encrypt it before its next release?

Of course not.

The Guardian behaved like grown-ups, and Wikileaks behaved like petulant, self-important, incompetent schoolboys.

That the redacted information has become public is not really a surprise; as mentioned, Assange always wanted it this way, and he had to be talked out of it from the start. The more interesting question has nothing to do with dividing blame, and everything to do with figuring out what, exactly, is going on inside that bleached Aussie’s dangerous mind.

Time-limited passwords are a rudimentary aspect of competent security practices.

No. The file was apparently weakly encrypted against a “password”. That password will always decrypt the file. Any “time limiting” would have to happen in the decryption tool, and that can always be worked around.

The Guardian had no reason to believe that the password was any longer of importance

I think you give them too much credit, since there’s no indication that the question “what if it is?” (scientific falsifiability) ever entered their minds. I think David Leigh wanted to play show-off “LOOK A REAL WIKILEAKS PASSWORD,” but I’m getting the sense that blame for this has become a religious question, a question whose answer no longer really matters.

They want to release it but after some commented that releasing documents with names of informants and the like could get in to the wrong hands and lead to horrible things, not that there was any proof of it. I think it was the CIA that claimed that no one had been hurt because of the Iraq releases.

So to please every one they started to work with established journalistic institutions like the guardian and other newspapers and tv-stations. With the help of them they try to edit all the content before they release it. Making sure no names are mentioned.

And they don’t want to steal it because they only are publishers. Other people bring them the content and they distribute it.

“The files were temporary”? How sure can anyone be that there’s no backup of an important file somewhere? File passwords don’t expire.

The Guardian didn’t have to publish the password. It would have been trivial to edit it out, and it’s a sensible precaution against the “rare” eventuality that the file still exists somewhere, or that the password is still used to protect something important. Which leads me to conclude that the Guardian was not acting sensibly.

How sure can anyone be that there’s no backup of an important file somewhere? File passwords don’t expire.

Anyone who has a bare minimum of competence in administering their own server should be able to ensure a file is not backed up and all copies are deleted. Sysadmins do this successfully all the time because i)it’s really easy and ii)they don’t want to get fired for gross incompetence or end up in jail.

The Guardian didn’t have to publish the password. It would have been trivial to edit it out, and it’s a sensible precaution against the “rare” eventuality that the file still exists somewhere, or that the password is still used to protect something important. Which leads me to conclude that the Guardian was not acting sensibly.
It would also be trivial to delete the encrypted file, or, upon realising that the file that should have been deleted had ended up on bittorrent, notify The Guardian that the password itself was still important.

I so like your hypothesis “that the password is still used to protect something important” that I’m quoting twice. I find it amusing that you would attribute no blame to Assange if he had used the same password again for, say, a full set of US nuclear launch codes, and yet The Guardian draws your criticism for not having considered this possibility. I wonder if you can figure out why.

I am writing a thesis with the hope that it will be applied to better the world we live in. This thesis is on Public Trust in WikiLeaks, the Media and the Government and need to know what your opinions are. The online survey is anonymous, multiple choice and will take approximately 10 minutes to complete. Please follow the link: http://www.kwiksurveys.com/?s=​ILLLML_9669e09d. Would be great if you would encourage others to do the survey also

FYI, apparently this is not the password to the official wikileaks ‘insurance’ file. It’s the password to some other file that was given to the Grauniad, but also kept on the wikileaks servers. Even wikileaks weren’t dumb enough to use the same password on their public and private copies of the cables.

Someone at Wikileaks has leaked the copy of the Guardian’s file that was stored on the Wikileaks servers. God knows where that copy has been distributed by now, maybe it’s on a torrent somewhere (probably).

Basically, both parties have been stupid. Wikileaks shouldn’t be using a simple encrypted file. Wikileaks should’ve deleted their copy, or re-encrypted it with another password so that the Grauniad copy was the only one that could be unlocked with the Grauniad’s password. Maybe Assange just found it too hard to think of and remember another password, we’ve all been there, but people won’t die if someone realises my Facebook and MSN messenger use the same password.
Partly because that means that once it’s unencrypted (e.g. on the Grauniad journo’s laptop) it stays unencrypted. If enemies of the state knew it was so simple they would’ve just put on a hoodie and mugged a journo for their laptop. Also an encrypted file and its password are valid forever unless one is destroyed. Destroying all copies of a file is hard. Shift-delete just won’t do it.

They should’ve used some sort of public key encrpytion and a dedicated server with someone monitoring who’s logged on and the bandwidtch in and out. That way, they can change passwords and just pull the plug if it looks like a hacker is downloading the files.

The journalist really should’ve changed the password in the book. All journalists make trivial changes to names to protect their sources, just in case. It’s not just for cases where the risks are obvious. If he’d put the underscores in a different position or used different punctuation it wouldn’t have made the book less ‘true’. It sounds like the journalist was too tempted by the badassery of publishing the real password in plain sight.

the sources are not the sources that leaked the cables, but collaborators with the american government. and the result will be that these people will think twie about collaboratin.

Only if the sources are lucky will they have the chance to think twice about what they have done. I find the fact you appear to be happily allowing your views on the USA’s actions to blind yourself to the very real life and death consequences for collaborator names revealed by this leak disturbing.

none of the sources will be harmed. no one gets killed for saying that merkel has bad breath. these are diplomatic cables and not CIA-cables. all of this sources-get-killed-shit is propaganda as the US did when releasing the war diaries and/or similar.
US diplomacy gets people killed and leaking the lies of US diplomacy (might also get people killed) but at least it exposes the real face of the US.